Win32 Trojan TDSS and UAC virus

January 2, 2010 at 15:18:03
Specs: Microsoft Windows XP Professional, 2.211 GHz / 1023 MB

Hi. I've had problems with the Win32 TDSS trojan for a few months now, and I've tried to use the advice on these forums, and others, in order to try and remove the problems from my computer. In many cases I can't seem to find a solution that matches my computer's situation enough, and I don't know enough about computers in order to feel confident about trying to fix it myself in an ad-hoc manner. I'd like it if I didn't have to format my computer, particularly because I don't want to back up my computer files if it is just going to cause problems again at a later stage.

The problematic processes get identified by Ad-Aware fairly quickly, and Sophos antivirus detects infected .dll files in my system32 folder, but the trojan itself has either downloaded or aided an infection of an additional virus, which infects files with a UAC prefix, which I believe is a virus. The anti-virus programs that I use can remove the files, apparently after a reboot, but they always detect the virus again within a few minutes/hours of operation.

I have been using Protowall as a firewall for a few months, as it seems to indicate that it blocks IP addresses to various damaging IP addresses, but it doesn't seem to have helped much.

Issues for the most part seem to be restricted to occasional memory run-time problems with my computer, certain files not working anymore, and my DVD drive no longer loads files from mounted discs. I'm not sure if these are related to my problems at all, or if it is simply an indication that my computer is slowly dying from old age.

What can I do about this? Do I need to worry about infecting any of my friends' computers? I have installed various programs that I've seen as recommended for removing this problem, but they've either done nothing, or operate as diagnostic tools for people who are more skilled at using computers than I.


#1
January 2, 2010 at 18:55:17

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.


#2
January 2, 2010 at 22:43:45

I refer you to the Trojan TDSS (Trojan TidServ) removal guide for the solutions:
http://techvts.com/security/remove-...


#3
January 3, 2010 at 16:41:27

Hi! Thanks both of you for your quick responses!

jabuck: I was unable to install MalwareBytes with any success. The re-named installer would get to the "extracting files" stage, before the window would freeze and I would be left with a partial install. Even waiting several hours, this would not complete. I managed at one point to open the main .exe file, but this did nothing. I noticed that it would add a process to the Task Manager, but nothing actually operates. I re-tried all this in Safe mode, but to no success.

james88: I attempted your suggested method after jabuck's suggestion, but I did not have the TDSSserv.sys driver, and so Avenger was unable to delete it. It may or may not be relevant that it found a hidden driver "a5fmvs9r".

Is there anything else I could try? Thanks again for your aid!

#4
January 3, 2010 at 16:47:12

Contents of the RSIT info.txt file:

info.txt logfile of random's system information tool 1.06 2010-01-04 13:55:56

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AC3Filter 1.61b-->"C:\Program Files\AC3Filter\unins000.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ADRIFT Runner 3.90-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ADRIFT Runner3\ST6UNST.LOG"
ADRIFT Runner-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ADRIFT Runner\ST6UNST.LOG"
ADRIFT Version 3.90-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ADRIFT\ST6UNST.LOG"
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arcanum-->MsiExec.exe /I{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9
ASUS nVIDIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
avi.NET 2.6.5.0-->C:\Program Files\avi.NET\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{014585C8-7557-11D4-9ABA-006067325E47}\setup.exe"
Baldur's Gate(TM) II - Throne of Bhaal (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
Baldur's Gate-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu"
Bazooka Cafe-->C:\WINDOWS\unvise32.exe C:\Program Files\G-Collections\uninstal.log
BLM 2.7.7-->"C:\Program Files\Bluetack\Blocklist Manager\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BotHunter-->MsiExec.exe /X{4CB2511D-A074-40E0-A5ED-A875EBBDDF49}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CompuApps SwissKnife V3-->C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
Deus Ex - Invisible War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}\Setup.exe" -l0x9
Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Disk Investigator 1.32-->C:\Program Files\Disk Investigator\uninst.exe
Dune Wars (remove only)-->C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Mods\Dune Wars\Dune Wars Uninstall.exe
Dungeon Siege 2-->"C:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDFab 6.2.0.5 (11/11/2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
EV Nova (remove only)-->"C:\Program Files\EV Nova\uninstall.exe"
Fallout 3 - The Garden of Eden Creation Kit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B343B0E3-212A-40B9-8207-1BD299228F5D}\setup.exe" -l0x9 -removeonly
Fallout2-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hexen II-->C:\WINDOWS\IsUninst.exe -f"C:\Hexen II\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworld2-->C:\Program Files\Sierra\Homeworld2\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HTML TADS Player Kit-->"C:\WINDOWS\TADSUINS.EXE" C:\Program Files\TADS\UnInst2B63.inf
Inform 7-->"C:\Program Files\Inform 7\Uninstall.exe"
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.01 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Larger Inventory UI 1.10 for Oblivion-->"C:\Program Files\Bethesda Softworks\Oblivion\Data\uninst\LargerInv\unins000.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1 SP1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 1.1 Redistributable Package-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable\install.exe
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.0)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Music Rescue 3.1.6-->"C:\Program Files\Music Rescue\unins000.exe"
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
NWN2 - Dark Waters 1-->"C:\Documents and Settings\Rob\My Documents\Neverwinter Nights 2\modules\DW1Uninstall.exe"
NWN2 - Dark Waters 2-->"g:\NWN2\modules\DW2Uninstall.exe"
Oblivion mod manager 1.1.12-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Phun beta 3.12-->"C:\Program Files\Phun\unins000.exe"
Planescape - Torment-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Torment\Uninst.isu"
Planetfall v12-->C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Mods\Planetfall v12\Uninstall.exe
Python 2.6 pygame-1.9.1-->MsiExec.exe /I{6C15DC29-040C-433F-B1AE-783D37E9C08B}
Python 2.6.3-->MsiExec.exe /I{3D9AC095-E115-4E94-BDEF-7F7EDF17697D}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RAGS Player 1.2.0.0-->C:\Program Files\RAGS Suite\uninst.exe
RAGS Suite 1.3.0.0-->C:\Program Files\RAGS Suite\uninst.exe
RAGS Suite BETA 1.3.9.0-->C:\Program Files\RAGS Suite\uninst.exe
RapidCRC 0.6.1-->C:\Program Files\RapidCRC\uninst.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Sacred Underworld-->"C:\Program Files\Ascaron Entertainment\Sacred Underworld\unins000.exe"
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 Complete-->C:\Program Files\InstallShield Installation Information\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}\setup.exe -runfromtemp -l0x0009 -removeonly
Sins of a Solar Empire-->"C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire-->C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
SpellForce 2 - Shadow Wars-->MsiExec.exe /I{1A4E47DC-6701-4A85-AA16-C1F99A44598C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Empire at War Forces of Corruption-->C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TabularFramework-->MsiExec.exe /I{8EECFAF4-A925-48C8-B286-04A9C2CB226A}
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Endless Forest-->"C:\Program Files\Tale of Tales\The Endless Forest 3\unins000.exe"
The Nameless Mod-->C:\DeusEx\Uninstall_TNM.exe
The Neverhood-->C:\Program Files\DreamWorks Interactive\Neverhood\setup95.exe /uninstall
The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Unofficial Shivering Isles Patch v1.0.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualDrive-->"C:\Program Files\FarStone\VirtualDrive\Setup.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WZebra 4.2.4-->"C:\Program Files\WZebra\unins000.exe"
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"

======Hosts File======

209.85.171.99 google.com
66.249.91.83 gmail.com

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AV: Sophos Anti-Virus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRA~1\FARSTONE\VIRTUA~1\;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;;%JAVA_HOME%\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=070a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"JAVA_HOME"=C:\Program Files\Java\jre6
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#5
January 3, 2010 at 18:36:45

That is only part of the RSIT log. It may take more than one post to get all the info posted.

Both logs will be located at C:\RSIT.exe.

#6
January 3, 2010 at 18:49:57

Contents of RSIT log.txt file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rob at 2010-01-04 13:55:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (19%) free of 305 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:54 p.m., on 4/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Rob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.85.171.99 google.com
O1 - Hosts: 66.249.91.83 gmail.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 11661 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-02-19 99760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2009-09-20 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-06 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-12 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
""= []
"VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2005-07-07 143360]
"RAMDrive"=C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe [2004-09-15 36864]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-21 185896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-09 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-05-16 1177368]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-19 171464]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-22 1871872]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"ProtoWall"=C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe [2006-04-18 737280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-04-16 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1
"NoSMHelp"=1
"NoResolveTrack"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideRunAsVerb"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=



#7
January 3, 2010 at 18:50:31

Remainder of RSIT log.txt file:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Disabled:Soldat"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe"="C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:*:Enabled:Rise Of Legends"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Disabled:Rise of Nations"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe"="C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:WinRAR archiver"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f83a02-4f5d-11de-a85d-0014851f3d4b}]
shell\Auto\command - H:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{148bfab0-dae8-11dd-a7c7-0014851f3d4b}]
shell\Auto\command - RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b80ca15-84d5-11dc-a587-0014851f3d4b}]
shell\Auto\command - I:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bd7537c-af2a-11dd-a77c-0014851f3d4b}]
shell\Auto\command - H:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4550851c-a415-11dd-a768-0014851f3d4b}]
shell\Auto\command - I:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5873ae1c-83de-11dd-a723-0014851f3d4b}]
shell\Auto\command - RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5873ae1d-83de-11dd-a723-0014851f3d4b}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba713f92-4ae2-11dd-a6b7-0014851f3d4b}]
shell\Auto\command - H:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6cc47f-d1d1-11dc-a5f3-0014851f3d4b}]
shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d029588c-4fde-11dd-a6c0-0014851f3d4b}]
shell\Auto\command - H:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3c529e8-6a82-11dd-a6ec-0014851f3d4b}]
shell\Auto\command - H:\RavMon.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe


======List of files/folders created in the last 2 months======

2010-01-04 13:55:52 ----D---- C:\rsit
2010-01-04 13:37:11 ----D---- C:\Avenger
2010-01-04 13:37:11 ----A---- C:\avenger.txt
2010-01-03 19:55:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-03 14:37:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-03 14:35:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-03 14:35:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-03 13:38:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-03 10:04:19 ----SHD---- C:\Config.Msi
2010-01-03 03:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-03 03:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-03 03:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-03 03:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-01-03 03:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-03 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-03 03:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-03 03:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-03 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-03 03:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-03 03:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-03 03:05:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-03 03:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-03 03:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-03 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-03 03:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-03 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-03 03:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-03 03:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-03 03:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-03 03:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-03 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-03 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-03 03:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-03 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-03 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-03 03:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-03 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-03 03:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-03 03:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-03 03:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-03 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-03 03:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-03 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-03 03:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-03 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-03 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-03 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-03 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-03 03:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-01-03 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-01-03 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-03 03:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-03 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-03 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-03 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-03 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-03 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-03 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-03 03:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-03 03:02:53 ----D---- C:\Program Files\MSXML 4.0
2010-01-03 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-03 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-03 03:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-03 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-03 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-03 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-03 03:02:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-02 17:36:51 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-01-02 16:01:37 ----D---- C:\CSWARE
2009-12-29 20:36:11 ----D---- C:\Program Files\Trend Micro
2009-12-28 16:15:29 ----D---- C:\Program Files\TabularFramework
2009-12-25 10:06:02 ----D---- C:\Program Files\iPod
2009-12-25 10:05:57 ----D---- C:\Program Files\iTunes
2009-12-25 10:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 10:04:25 ----D---- C:\Program Files\QuickTime
2009-12-25 10:02:32 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-12-18 21:20:30 ----D---- C:\Program Files\WinAce
2009-12-18 21:02:16 ----D---- C:\Program Files\Star Wars Empire at War Forces of Corruption
2009-12-18 21:02:16 ----D---- C:\Program Files\Star Wars Empire at War
2009-12-18 19:01:20 ----D---- C:\Program Files\THQ
2009-12-17 19:01:38 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-12-17 19:01:38 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-12-17 19:01:37 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-12-17 19:01:36 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-12-17 19:01:27 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-12-17 19:01:20 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-12-17 19:01:20 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-12-17 19:01:20 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-12-17 19:01:09 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-12-16 18:09:37 ----D---- C:\Documents and Settings\Rob\Application Data\Leadertech
2009-12-14 21:46:48 ----D---- C:\Sierra
2009-12-14 21:22:05 ----A---- C:\WINDOWS\Wininit.ini
2009-12-12 10:31:57 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-12-12 10:31:57 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-12-12 10:31:57 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-12-12 10:31:57 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-12-12 10:31:56 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-12-12 10:31:55 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-12-12 10:09:25 ----D---- C:\Program Files\mockingsoft
2009-12-11 17:47:20 ----D---- C:\Program Files\Common Files\Skype
2009-12-09 19:04:10 ----A---- C:\WINDOWS\system32\Unzip32.dll
2009-12-09 19:04:09 ----D---- C:\Program Files\Bluetack
2009-12-05 15:09:22 ----D---- C:\Documents and Settings\Rob\Application Data\Google
2009-12-04 08:14:34 ----D---- C:\Program Files\avi.NET
2009-12-04 08:13:49 ----D---- C:\Program Files\AC3Filter
2009-12-03 21:06:30 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2009-12-03 21:06:30 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2009-12-03 21:06:30 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2009-12-03 21:06:30 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2009-12-03 21:06:30 ----RA---- C:\WINDOWS\system32\lvci1150.dll
2009-12-03 21:03:00 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-12-03 21:02:58 ----D---- C:\Program Files\Common Files\LogiShrd
2009-12-03 21:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-12-03 21:02:51 ----D---- C:\Program Files\Logitech
2009-11-30 20:09:43 ----D---- C:\DeusEx
2009-11-26 09:14:20 ----A---- C:\Documents and Settings\Rob\Application Data\inst.exe
2009-11-26 09:14:19 ----D---- C:\Documents and Settings\Rob\Application Data\Vso
2009-11-26 09:14:10 ----D---- C:\Program Files\DVDFab 6
2009-11-06 00:14:50 ----D---- C:\Program Files\Seagate

======List of files/folders modified in the last 2 months======

2010-01-04 13:38:47 ----D---- C:\WINDOWS\Temp
2010-01-04 13:38:47 ----AD---- C:\WINDOWS\system32
2010-01-04 13:37:59 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 13:37:11 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 13:33:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 13:21:52 ----D---- C:\Program Files
2010-01-04 09:40:18 ----D---- C:\WINDOWS
2010-01-03 23:23:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-03 23:23:52 ----D---- C:\WINDOWS\inf
2010-01-03 23:23:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 20:02:30 ----D---- C:\WINDOWS\Prefetch
2010-01-03 18:18:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-03 14:35:46 ----D---- C:\WINDOWS\system32\dllcache
2010-01-03 11:09:50 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-03 11:09:45 ----RSD---- C:\WINDOWS\assembly
2010-01-03 10:40:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-03 10:05:21 ----SHD---- C:\WINDOWS\Installer
2010-01-03 10:05:20 ----D---- C:\WINDOWS\AppPatch
2010-01-03 10:04:45 ----D---- C:\WINDOWS\WinSxS
2010-01-03 10:02:47 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-03 10:02:43 ----RSD---- C:\WINDOWS\Fonts
2010-01-03 10:01:12 ----D---- C:\Program Files\Internet Explorer
2010-01-03 09:59:52 ----D---- C:\Documents and Settings\Rob\Application Data\uTorrent
2010-01-03 03:08:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-03 03:08:13 ----D---- C:\WINDOWS\system32\wbem
2010-01-03 03:06:18 ----D---- C:\Program Files\Messenger
2010-01-03 03:04:38 ----D---- C:\Program Files\Outlook Express
2010-01-02 17:25:30 ----A---- C:\WINDOWS\DUMP82cc.tmp
2010-01-02 15:54:23 ----D---- C:\Documents and Settings\Rob\Application Data\Rags
2009-12-30 18:13:15 ----A---- C:\Documents and Settings\Rob\Application Data\AutoGK.ini
2009-12-30 00:06:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 16:08:22 ----D---- C:\Documents and Settings\Rob\Application Data\skypePM
2009-12-25 22:04:05 ----D---- C:\Documents and Settings\Rob\Application Data\Skype
2009-12-25 10:12:04 ----D---- C:\Documents and Settings\Rob\Application Data\Apple Computer
2009-12-25 10:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 10:06:01 ----D---- C:\Program Files\Common Files\Apple
2009-12-25 10:05:20 ----D---- C:\Program Files\Bonjour
2009-12-25 10:02:38 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-12-25 10:02:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-24 21:09:42 ----D---- C:\Documents and Settings\Rob\Application Data\dvdcss
2009-12-24 10:59:59 ----A---- C:\WINDOWS\DUMP6987.tmp
2009-12-24 09:28:00 ----A---- C:\WINDOWS\DUMPdb3d.tmp
2009-12-23 12:15:58 ----D---- C:\WINDOWS\system32\DirectX
2009-12-22 21:33:09 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-12-22 20:49:15 ----A---- C:\WINDOWS\BlendSettings.ini
2009-12-21 23:45:36 ----D---- C:\WINDOWS\Debug
2009-12-21 23:43:27 ----A---- C:\WINDOWS\DUMPbbed.tmp
2009-12-21 22:02:42 ----D---- C:\Program Files\Microsoft Games
2009-12-21 22:02:41 ----SD---- C:\Documents and Settings\Rob\Application Data\Microsoft
2009-12-21 21:59:24 ----D---- C:\Program Files\Ubisoft
2009-12-21 21:59:00 ----D---- C:\Program Files\Electronic Arts
2009-12-21 21:58:20 ----D---- C:\Program Files\LucasArts
2009-12-21 21:56:00 ----D---- C:\Program Files\Mount&Blade
2009-12-21 21:54:32 ----D---- C:\Program Files\Atari
2009-12-21 21:43:50 ----A---- C:\WINDOWS\DUMP5ca2.tmp
2009-12-20 09:34:00 ----D---- C:\Documents and Settings\Rob\Application Data\Petroglyph
2009-12-18 22:18:35 ----A---- C:\WINDOWS\DUMPa2e2.tmp
2009-12-18 19:41:07 ----D---- C:\Program Files\EA GAMES
2009-12-17 19:01:29 ----D---- C:\WINDOWS\Help
2009-12-14 21:28:27 ----D---- C:\Program Files\Paradox Interactive
2009-12-14 21:25:59 ----D---- C:\Program Files\eQuake
2009-12-14 21:25:31 ----D---- C:\Program Files\EmpiresandDungeons_at
2009-12-14 21:22:06 ----D---- C:\Sword
2009-12-11 17:47:20 ----RD---- C:\Program Files\Skype
2009-12-11 17:47:20 ----D---- C:\Program Files\Common Files
2009-12-11 17:47:18 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-06 11:37:27 ----A---- C:\WINDOWS\DUMP6726.tmp
2009-12-04 08:14:20 ----D---- C:\Program Files\AviSynth 2.5
2009-12-04 08:14:06 ----D---- C:\Program Files\XviD
2009-12-03 21:06:30 ----D---- C:\WINDOWS\twain_32
2009-12-02 21:02:00 ----D---- C:\Program Files\FastCrawlDemo
2009-11-30 21:13:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-11-30 21:13:13 ----D---- C:\Program Files\Phun
2009-11-30 21:13:13 ----D---- C:\Program Files\PC Inspector File Recovery
2009-11-30 21:13:10 ----D---- C:\Program Files\GameSpy Arcade
2009-11-30 20:45:06 ----A---- C:\WINDOWS\DUMPff6e.tmp
2009-11-30 20:36:17 ----A---- C:\WINDOWS\DUMPf102.tmp
2009-11-30 20:31:50 ----A---- C:\WINDOWS\DUMPefaa.tmp
2009-11-25 22:12:07 ----A---- C:\WINDOWS\DUMPf121.tmp
2009-11-16 19:41:03 ----A---- C:\WINDOWS\DUMPf0c3.tmp
2009-11-07 08:33:16 ----D---- C:\Program Files\Java
2009-11-06 00:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-06-09 23040]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-04 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-09-20 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-09-20 38528]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-12 278984]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-22 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-07 25416]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-16 62336]
R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS []
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-09-22 19200]
R3 fcdabus;fcdabus; C:\WINDOWS\system32\DRIVERS\fcdabus.sys [2005-05-12 11136]
R3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-10 37409]
R3 FVDSCSI;FVDSCSI; C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2005-04-25 57216]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-18 18688]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-12 1920920]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-12 3647384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-26 47360]
R3 ProtoWall;ProtoWall Network Service; C:\WINDOWS\system32\DRIVERS\ProtoWall.sys [2006-01-02 23296]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-18 19584]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 asnb63d8;asnb63d8; C:\WINDOWS\system32\drivers\asnb63d8.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-12 23832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-07 34064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-04-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-08-07 253952]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 873752]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-26 1028432]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 SAVAdminService;Sophos Anti-Virus status reporter; c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-10-29 80936]
R2 SAVService;Sophos Anti-Virus; c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; c:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-09-20 172032]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-07 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#8
January 4, 2010 at 10:00:51

Rename the setup file to mal or something. This will install the
software. After installation is done, go to the program folder and
rename the application to mal or something. That should run the
program. I had the same problem with a laptop.


#9
January 5, 2010 at 18:43:03

You have two antivirus programs running, which is a bad idea, as they will conflict. You need to decide which one you like and uninstall the other.

Please download Combofix with Internet Explorer instead of Firefox.

Remember: your AVG/Sophos antivirus, Spybot's TeaTimer, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


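The reply above draws its conclusions from the RSIT log posted earlier: two antivirus products with running services, driver entries whose file RSIT could not read (shown as an empty `[]`), and the UAC-prefixed names that ComboFix later reports removing. The Python script below is an added example, not part of this thread and not code from RSIT or ComboFix. It parses that log format and surfaces those same points for a helper to review. The sample log is constructed: most lines are copied from the log above, while the `UACd` driver line is modelled on the `Legacy_UACd.sys` / `Service_UACd.sys` entries in the ComboFix report; the `AV_VENDOR_DIRS` map is an assumption that covers only the two products named in this thread. Every flag it emits is a prompt for manual review, not a verdict: `EIO`, `IntelIde` and similar entries also show `[]` and are often benign leftovers.

```python
import re

# Constructed sample in the RSIT format used in this thread:
# "<R|S><start type> <service name>;<display name>; <path> [<file date> <size>]".
# Most lines are copied from the log posted above; the UACd driver line is
# constructed after the Legacy_UACd.sys / Service_UACd.sys entries ComboFix removed.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-04 96520]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-09-20 110848]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 UACd;UACd; C:\WINDOWS\system32\drivers\UACd.sys []
S3 asnb63d8;asnb63d8; C:\WINDOWS\system32\drivers\asnb63d8.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 873752]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231192]
R2 SAVService;Sophos Anti-Virus; c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
"""

# state, start type, service name, display name, path, then whatever RSIT put in [...]
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[(.*)\]$")
SECTION_RE = re.compile(r"^======List of (drivers|services)")

# Install-directory names used to recognise an AV product (assumption: only the
# two products that appear in this thread are covered).
AV_VENDOR_DIRS = {"avg": "AVG", "sophos": "Sophos"}


def parse_rsit(text):
    """Split an RSIT log into {'drivers': [...], 'services': [...]} of parsed entries."""
    sections = {"drivers": [], "services": []}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            state, start, name, display, path, meta = m.groups()
            sections[current].append({
                "running": state == "R",
                "start": int(start),
                "name": name,
                "display": display,
                "path": path,
                "file_info": meta.strip() or None,  # None when RSIT printed "[]"
            })
    return sections


def review_flags(entry):
    """Reasons a helper would look at this entry first; each is a prompt, not a verdict."""
    flags = []
    basename = entry["path"].rsplit("\\", 1)[-1]
    if entry["name"].startswith("UAC") or basename.startswith("UAC"):
        flags.append("uac-prefix")  # naming pattern of the TDSS/UACd variant in this thread
    if entry["file_info"] is None:
        flags.append("file-unreadable")  # RSIT could not stat the file: absent or hidden
        if entry["running"]:
            flags.append("running-without-file")  # loaded, yet its file cannot be read
    return flags


def running_av_vendors(services):
    """Distinct AV products that have at least one running service."""
    vendors = set()
    for svc in services:
        if not svc["running"]:
            continue
        parts = {p.lower() for p in svc["path"].split("\\")}
        for key, product in AV_VENDOR_DIRS.items():
            if key in parts:
                vendors.add(product)
    return sorted(vendors)


def triage(text):
    """Parse a log and return the entries worth reviewing plus the running AV products."""
    data = parse_rsit(text)
    flagged = {}
    for kind in ("drivers", "services"):
        for entry in data[kind]:
            flags = review_flags(entry)
            if flags:
                flagged[entry["name"]] = flags
    return {"flagged": flagged, "av_vendors": running_av_vendors(data["services"])}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Running AV products:", ", ".join(result["av_vendors"]))
    for name, flags in result["flagged"].items():
        print(f"{name}: {', '.join(flags)}")
```

Run it against a saved RSIT `log.txt` by replacing `SAMPLE_LOG` with the file's contents. The `running-without-file` combination is the one to escalate: a driver that the system reports as loaded while the tool cannot read its file is consistent with the file-hiding behaviour that makes this family reappear after each scan, which is why the reply asks for ComboFix rather than another on-access scan.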

#10
January 5, 2010 at 22:49:03

Thanks so much for your help jabuck! I really appreciate it!


#11
January 5, 2010 at 22:50:34

ComboFix 10-01-04.01 - Rob 06/01/2010 19:25:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.1023.485 [GMT 13:00]
Running from: c:\documents and settings\Rob\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rob\Application Data\inst.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\svchost.ini
c:\windows\system32\msconfig.exe
c:\windows\system32\UACbwwkbxtofj.log
c:\windows\system32\UACxmnmtcuilu.dat
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-04 10:43 . 2009-09-04 04:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-04 10:43 . 2009-09-04 04:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-04 10:43 . 2010-01-04 10:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-04 09:14 . 2010-01-04 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2010-01-04 05:49 . 2010-01-04 05:49 -------- d-----w- c:\windows\system32\MpEngineStore
2010-01-04 00:55 . 2010-01-04 00:55 -------- d-----w- C:\rsit
2010-01-04 00:20 . 2009-12-30 01:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 20:45 . 2010-01-03 20:45 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-03 06:55 . 2010-01-03 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 00:38 . 2010-01-04 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 21:37 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-01-02 21:37 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-01-02 21:37 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-01-02 14:02 . 2010-01-02 14:02 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 14:02 . 2010-01-03 01:35 -------- d--h--w- c:\windows\$hf_mig$
2010-01-02 05:05 . 2008-06-24 16:43 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2010-01-02 05:05 . 2009-03-21 14:06 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2010-01-02 05:05 . 2009-06-12 12:31 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2010-01-02 05:05 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2010-01-02 05:05 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-01-02 05:05 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-01-02 05:05 . 2008-05-09 10:53 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2010-01-02 05:05 . 2008-05-09 10:53 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-01-02 05:05 . 2008-05-09 10:53 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2010-01-02 05:05 . 2008-05-09 10:53 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2010-01-02 05:05 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2010-01-02 05:05 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2010-01-02 05:04 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-01-02 05:04 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-02 05:04 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-02 05:04 . 2008-07-07 20:26 253952 ------w- c:\windows\system32\dllcache\es.dll
2010-01-02 05:04 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-01-02 05:04 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-01-02 05:04 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-01-02 05:03 . 2009-05-07 15:32 345600 ------w- c:\windows\system32\dllcache\localspl.dll
2010-01-02 05:03 . 2009-06-03 19:09 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2010-01-02 05:03 . 2008-06-12 14:23 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2010-01-02 05:03 . 2008-06-12 14:23 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2010-01-02 05:03 . 2008-06-12 14:23 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2010-01-02 05:03 . 2008-06-12 14:23 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2010-01-02 05:03 . 2008-06-12 14:23 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2010-01-02 05:03 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-01-02 05:03 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-01-02 05:03 . 2008-06-17 19:02 8461312 ------w- c:\windows\system32\dllcache\shell32.dll
2010-01-02 05:02 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-01-02 05:02 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-01-02 05:02 . 2008-06-20 11:51 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2010-01-02 05:02 . 2008-06-20 11:08 225856 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-01-02 05:01 . 2008-06-20 17:46 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2010-01-02 05:01 . 2008-06-20 17:46 147968 ------w- c:\windows\system32\dllcache\dnsapi.dll
2010-01-02 05:01 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-01-02 05:01 . 2009-08-25 09:17 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-01-02 05:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-02 05:01 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-01-02 04:59 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-01-02 04:59 . 2009-06-25 08:25 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-01-02 04:59 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-01-02 04:59 . 2009-06-25 08:25 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-01-02 04:59 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-01-02 04:59 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-02 04:59 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-01-02 04:59 . 2009-08-14 13:21 1850624 ------w- c:\windows\system32\dllcache\win32k.sys
2010-01-02 04:58 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-02 04:55 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-02 04:55 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-02 04:55 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-02 04:55 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-02 04:55 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2010-01-02 04:55 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-02 04:55 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-02 04:55 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-02 04:55 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-02 04:52 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-02 04:52 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-02 04:52 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-02 04:52 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-01-02 04:52 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-02 04:48 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-02 04:44 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-02 04:43 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-02 04:43 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-02 04:41 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-02 04:41 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-02 04:36 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-02 04:36 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-02 04:36 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-01-02 03:01 . 2010-01-02 03:01 -------- d-----w- C:\CSWARE
2009-12-29 07:36 . 2009-12-29 07:36 -------- d-----w- c:\program files\Trend Micro
2009-12-28 03:15 . 2009-12-28 03:27 -------- d-----w- c:\program files\TabularFramework
2009-12-24 21:06 . 2009-12-24 21:06 -------- d-----w- c:\program files\iPod
2009-12-24 21:05 . 2009-12-24 21:06 -------- d-----w- c:\program files\iTunes
2009-12-24 21:05 . 2009-12-24 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-24 21:04 . 2009-12-24 21:04 -------- d-----w- c:\program files\QuickTime
2009-12-24 21:02 . 2009-08-28 06:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-18 08:20 . 2009-12-18 08:20 -------- d-----w- c:\program files\WinAce
2009-12-18 08:02 . 2009-12-18 08:02 -------- d-----w- c:\program files\Star Wars Empire at War Forces of Corruption
2009-12-18 08:02 . 2009-12-18 08:02 -------- d-----w- c:\program files\Star Wars Empire at War
2009-12-18 06:35 . 2009-12-18 06:45 981 ----a-w- c:\windows\eReg.dat
2009-12-18 06:01 . 2009-12-18 06:01 -------- d-----w- c:\program files\THQ
2009-12-16 05:09 . 2009-12-16 05:09 -------- d-----w- c:\documents and settings\Rob\Application Data\Leadertech
2009-12-14 08:46 . 2009-12-14 08:46 -------- d-----w- C:\Sierra
2009-12-11 21:31 . 2001-08-17 09:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-12-11 21:31 . 2001-08-17 09:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-12-11 21:31 . 2001-08-17 09:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-12-11 21:31 . 2001-08-17 09:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-12-11 21:31 . 2001-08-17 01:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-12-11 21:31 . 2001-08-17 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-12-11 21:31 . 2001-08-17 01:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-12-11 21:31 . 2001-08-17 01:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2009-12-11 21:31 . 2001-08-17 01:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-12-11 21:31 . 2001-08-17 01:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-11 21:31 . 2008-04-13 16:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-12-11 21:31 . 2008-04-13 16:39 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-11 21:09 . 2009-12-11 21:09 -------- d-----w- c:\program files\mockingsoft
2009-12-11 04:47 . 2009-12-11 04:47 -------- d-----w- c:\program files\Common Files\Skype
2009-12-09 06:04 . 2000-10-29 04:34 150016 ----a-w- c:\windows\system32\Unzip32.dll
2009-12-09 06:04 . 2009-12-09 06:44 -------- d-----w- c:\program files\Bluetack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 06:34 . 2007-12-08 03:57 31736 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 06:32 . 2009-12-03 08:06 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-06 06:32 . 2009-12-03 08:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-05 10:09 . 2008-05-19 11:18 -------- d-----w- c:\documents and settings\Rob\Application Data\Skype
2010-01-05 06:03 . 2008-05-19 11:22 -------- d-----w- c:\documents and settings\Rob\Application Data\skypePM
2010-01-04 09:14 . 2007-10-15 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 06:33 . 2009-09-18 22:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 06:21 . 2009-09-18 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-02 20:59 . 2007-10-17 05:26 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2010-01-02 04:25 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMP82cc.tmp
2010-01-02 02:54 . 2007-12-08 04:29 -------- d-----w- c:\documents and settings\Rob\Application Data\Rags
2009-12-28 19:14 . 2009-11-25 20:14 -------- d-----w- c:\documents and settings\Rob\Application Data\Vso
2009-12-28 19:14 . 2009-11-25 20:14 -------- d-----w- c:\program files\DVDFab 6
2009-12-24 21:12 . 2007-10-15 06:40 -------- d-----w- c:\documents and settings\Rob\Application Data\Apple Computer
2009-12-24 21:06 . 2007-10-15 06:39 -------- d-----w- c:\program files\Common Files\Apple
2009-12-24 21:05 . 2008-05-12 12:48 -------- d-----w- c:\program files\Bonjour
2009-12-24 21:02 . 2007-10-15 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-24 08:09 . 2008-06-26 07:07 -------- d-----w- c:\documents and settings\Rob\Application Data\dvdcss
2009-12-23 21:59 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMP6987.tmp
2009-12-23 20:28 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPdb3d.tmp
2009-12-22 08:33 . 2007-10-30 06:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 10:43 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPbbed.tmp
2009-12-21 09:02 . 2008-02-02 01:17 -------- d-----w- c:\program files\Microsoft Games
2009-12-21 08:59 . 2007-10-23 18:53 -------- d-----w- c:\program files\Ubisoft
2009-12-21 08:59 . 2008-08-25 09:24 -------- d-----w- c:\program files\Electronic Arts
2009-12-21 08:58 . 2007-10-28 00:04 -------- d-----w- c:\program files\LucasArts
2009-12-21 08:56 . 2009-09-29 12:30 -------- d-----w- c:\program files\Mount&Blade
2009-12-21 08:54 . 2007-10-30 04:35 -------- d-----w- c:\program files\Atari
2009-12-21 08:43 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMP5ca2.tmp
2009-12-19 20:34 . 2008-02-07 05:06 -------- d-----w- c:\documents and settings\Rob\Application Data\Petroglyph
2009-12-18 09:18 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPa2e2.tmp
2009-12-18 06:41 . 2008-04-13 06:54 -------- d-----w- c:\program files\EA GAMES
2009-12-17 05:53 . 2009-12-17 06:01 14432 ----a-w- c:\windows\Fonts\j8514oem.fon
2009-12-17 05:53 . 2009-12-17 06:01 12896 ----a-w- c:\windows\Fonts\j8514fix.fon
2009-12-17 05:53 . 2009-12-17 06:01 10656 ----a-w- c:\windows\Fonts\j8514sys.fon
2009-12-17 05:52 . 2009-12-17 06:01 6272 ----a-w- c:\windows\Fonts\vga950.fon
2009-12-17 05:52 . 2009-12-17 06:01 6272 ----a-w- c:\windows\Fonts\vga936.fon
2009-12-17 05:52 . 2009-12-17 06:01 6304 ----a-w- c:\windows\Fonts\vga949.fon
2009-12-17 05:52 . 2009-12-17 06:01 7232 ----a-w- c:\windows\Fonts\vga932.fon
2009-12-17 05:50 . 2009-12-17 06:01 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-12-17 05:49 . 2009-12-17 06:01 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-12-17 05:48 . 2009-12-17 06:01 17760 ----a-w- c:\windows\Fonts\s8514sys.fon
2009-12-17 05:48 . 2009-12-17 06:01 12384 ----a-w- c:\windows\Fonts\s8514oem.fon
2009-12-17 05:48 . 2009-12-17 06:01 11056 ----a-w- c:\windows\Fonts\s8514fix.fon
2009-12-17 05:38 . 2009-12-17 06:01 5680 ----a-w- c:\windows\Fonts\svgafix.fon
2009-12-17 05:38 . 2009-12-17 06:01 12896 ----a-w- c:\windows\Fonts\svgasys.fon
2009-12-17 05:37 . 2009-12-17 06:01 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-12-17 05:36 . 2009-12-17 06:01 12400 ----a-w- c:\windows\Fonts\h8514oem.fon
2009-12-17 05:36 . 2009-12-17 06:01 11056 ----a-w- c:\windows\Fonts\h8514fix.fon
2009-12-17 05:36 . 2009-12-17 06:01 10032 ----a-w- c:\windows\Fonts\h8514sys.fon
2009-12-17 05:35 . 2009-12-17 06:01 7728 ----a-w- c:\windows\Fonts\jvgasys.fon
2009-12-17 05:35 . 2009-12-17 06:01 6528 ----a-w- c:\windows\Fonts\jvgafix.fon
2009-12-17 05:35 . 2009-12-17 06:01 41584 ----a-w- c:\windows\Fonts\jsmalle.fon
2009-12-17 05:35 . 2009-12-17 06:01 38480 ----a-w- c:\windows\Fonts\jsmallf.fon
2009-12-17 05:34 . 2009-12-17 06:01 70000 ----a-w- c:\windows\Fonts\app936.fon
2009-12-17 05:34 . 2009-12-17 06:01 80896 ----a-w- c:\windows\Fonts\app949.fon
2009-12-17 05:34 . 2009-12-17 06:01 80896 ----a-w- c:\windows\Fonts\app932.fon
2009-12-17 05:31 . 2009-12-17 06:01 6512 ----a-w- c:\windows\Fonts\hvgasys.fon
2009-12-17 05:31 . 2009-12-17 06:01 5680 ----a-w- c:\windows\Fonts\hvgafix.fon
2009-12-17 05:31 . 2009-12-17 06:01 6144 ----a-w- c:\windows\system32\kbd101a.dll
2009-12-17 05:31 . 2009-12-17 06:01 9216 ----a-w- c:\windows\system32\kbdnecAT.dll
2009-12-17 05:31 . 2009-12-17 06:01 7680 ----a-w- c:\windows\system32\kbdnecNT.dll
2009-12-17 05:31 . 2009-12-17 06:01 7168 ----a-w- c:\windows\system32\kbdnec95.dll
2009-12-17 05:31 . 2009-12-17 06:01 6656 ----a-w- c:\windows\system32\c_is2022.dll
2009-12-17 05:30 . 2009-12-17 06:01 70000 ----a-w- c:\windows\Fonts\app950.fon
2009-12-17 05:27 . 2009-12-17 06:01 5600 ----a-w- c:\windows\Fonts\cvgafix.fon
2009-12-17 05:27 . 2009-12-17 06:01 12896 ----a-w- c:\windows\Fonts\cvgasys.fon
2009-12-17 05:26 . 2009-12-17 06:01 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-12-17 05:20 . 2009-12-17 06:01 17760 ----a-w- c:\windows\Fonts\c8514sys.fon
2009-12-17 05:20 . 2009-12-17 06:01 13552 ----a-w- c:\windows\Fonts\c8514oem.fon
2009-12-17 05:20 . 2009-12-17 06:01 10992 ----a-w- c:\windows\Fonts\c8514fix.fon
2009-12-14 08:28 . 2009-04-04 02:52 -------- d-----w- c:\program files\Paradox Interactive
2009-12-14 08:25 . 2007-11-07 06:21 -------- d-----w- c:\program files\eQuake
2009-12-14 08:25 . 2009-05-05 09:27 -------- d-----w- c:\program files\EmpiresandDungeons_at
2009-12-11 04:47 . 2008-05-19 11:17 -------- d-----r- c:\program files\Skype
2009-12-11 04:47 . 2008-05-19 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-05 22:37 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMP6726.tmp
2009-12-03 19:14 . 2009-12-03 19:14 -------- d-----w- c:\program files\avi.NET
2009-12-03 19:14 . 2009-06-02 10:07 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-03 19:14 . 2009-06-02 10:07 -------- d-----w- c:\program files\XviD
2009-12-03 19:13 . 2009-12-03 19:13 -------- d-----w- c:\program files\AC3Filter
2009-12-03 08:09 . 2009-12-03 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-12-03 08:06 . 2009-12-03 08:02 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-12-03 08:02 . 2009-12-03 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-12-03 08:02 . 2009-12-03 08:02 -------- d-----w- c:\program files\Logitech
2009-12-02 08:02 . 2009-05-05 09:27 -------- d-----w- c:\program files\FastCrawlDemo
2009-11-30 08:13 . 2008-03-05 06:18 -------- d-----w- c:\program files\Phun
2009-11-30 08:13 . 2007-10-20 03:27 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-11-30 08:13 . 2007-10-14 05:13 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-30 08:13 . 2009-06-24 12:04 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-30 07:45 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPff6e.tmp
2009-11-30 07:36 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPf102.tmp
2009-11-30 07:31 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPefaa.tmp
2009-11-30 05:02 . 2009-11-30 05:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 05:02 . 2009-11-30 05:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 20:14 . 2009-11-25 20:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-25 20:14 . 2009-11-25 20:14 47360 ----a-w- c:\documents and settings\Rob\Application Data\pcouffin.sys
2009-11-25 09:12 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPf121.tmp
2009-11-16 06:41 . 2007-10-14 17:55 98304 ----a-w- c:\windows\DUMPf0c3.tmp
2009-11-05 21:59 . 2009-11-05 21:59 15406728 ----a-w- c:\windows\system32\xlive.dll
.

------- Sigcheck -------


[7] 2008-04-13 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!


#12
January 5, 2010 at 22:51:03

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ProtoWall"="c:\program files\Bluetack\ProtoWall\ProtoWall.exe" [2006-04-18 737280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2005-07-06 143360]
"RAMDrive"="c:\program files\FarStone\VirtualDrive\VHD\RDTask.exe" [2004-09-14 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-21 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-05-16 1177368]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2007-04-15 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-20 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/09/2009 11:33 a.m. 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/10/2007 9:06 a.m. 685816]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/05/2008 8:57 p.m. 96520]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [20/09/2009 10:02 a.m. 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [20/09/2009 10:02 a.m. 38528]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/07/2008 6:39 p.m. 873752]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/07/2008 6:39 p.m. 231192]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/05/2008 8:57 p.m. 76040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/07/2009 3:49 a.m. 1028432]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [29/10/2009 10:03 p.m. 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [21/08/2008 1:04 p.m. 98304]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [11/03/2009 5:52 p.m. 14976]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [24/10/2007 6:06 p.m. 57216]
R3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\ProtoWall.sys [2/01/2006 5:20 p.m. 23296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/11/2007 9:22 a.m. 34064]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [20/09/2009 10:02 a.m. 14976]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - SECLOGON

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
napagent
hkmsvc
wscsvc
wuauserv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 22:34]

2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 00:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\qswalcsf.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://freerice.com/index.php
FF - component: c:\documents and settings\Rob\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Hexen2UninstallKey - c:\hexen ii\Uninst.isu
AddRemove-NWN2DW2 - g:\nwn2\modules\DW2Uninstall.exe
AddRemove-TJM Movies 1 - c:\program files\LucasArts\SWKotOR2\Movies\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FD21E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf759ff28
\Driver\ACPI -> ACPI.sys @ 0xf7340cb8
\Driver\atapi -> atapi.sys @ 0xf72d5b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71c7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d4a21
SendHandler -> NDIS.sys @ 0xf71b287b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):19,4f,0b,1b,94,f5,75,a0,1d,93,3d,ee,12,cf,03,ef,be,b1,35,1d,e9,
0e,5c,ab,f2,42,ae,f5,3f,d7,ed,39,f3,9b,28,32,7f,b1,b5,8c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ad1f2187-f543-4b0c-9e4e-1480f6ac8aa4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000074
"Therad"=dword:00000018
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6180)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-06 19:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-06 06:43

Pre-Run: 49,100,173,312 bytes free
Post-Run: 49,194,500,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BBA883A4FEE0FCB6A3025994ECD3C990


#13
January 6, 2010 at 19:34:29

Do you have a Windows CD or reinstall disk?

#14
January 6, 2010 at 19:46:31

No, I bought it second hand "as is" off a friend.

#15
January 6, 2010 at 20:26:43

You have some damaged/missing files, as you can see from the ComboFix scan. See if you can borrow a Windows XP CD from a friend.
